Re: Emacs: Crypto: How to get automatic encryption?

[Antoine Beaupré]

Jumping in here, I have modified the previously posted code here to
provide me with a more complete solution.

With the attach code, I can:

 * automatically encrypt mails if all recipients have a *valid* public
   key. The previous patch allowed encryption if a key existed but was
   revoked, which cause a weird UX issue where the user would be
   bothered with No public key for...

 * not have specify if i want to encrypt the mail or not: it is
   encrypted if possible

 * try to autodetect (by running the function directly) if the mail will
   be crypted and signed or just signed before sending

 * explicitely request the mail to be encrypted or just signed, if I
   want to, using the usual keybindings (ie. the existing #secure tags
   are respected)

So basically, this replaces the common hook:

(add-hook 'message-setup-hook 'mml-secure-sign-pgpmime)

with this:

(add-hook 'message-send-hook 'anarcat/message-set-encryption)

The rationale behind this technique is that the setup-hook runs when
recipients are not yet defined so it will always set the mail to be only
signed, even though your final recipients should be crypted. 

An alternative would be for notmuch to prompt the To: header before
setting up the buffer (à la Mutt), but I didn't feel like going that
way.

Code is attached. Obviously, those function names would change if they
would be to integrate into notmuch. ;)



notmuch-opportunistic.el
Description: application/emacs-lisp

Opportunistic encryption, here we go.

a.

-- 
Evil exists to glorify the good. Evil is negative good.
It is a relative term. Evil can be transmuted into good.
What is evil to one at one time,
becomes good at another time to somebody else.
- Sivananda


pgpksLGKp0nOb.pgp
Description: PGP signature
___
notmuch mailing list
notmuch@notmuchmail.org
http://notmuchmail.org/mailman/listinfo/notmuch

Re: Emacs: Crypto: How to get automatic encryption?

[Antoine Beaupré]

On Tue, 17 Jan 2012 09:19:51 +, David Edmondson d...@dme.org wrote:
 On Mon, 16 Jan 2012 23:48:30 -0500, Antoine Beaupré anar...@anarcat.ath.cx 
 wrote:
  Jumping in here, I have modified the previously posted code here to
  provide me with a more complete solution.
 
 This looks good. I'll switch over to using it.

Awesome!

  Code is attached. Obviously, those function names would change if they
  would be to integrate into notmuch. ;)
 
 I wondered about pushing to have notmuch do this by default. In general
 I like the idea, but it suffers if a recipient occasionally uses a mail
 client that does not support decryption (phone, PDA, webmail, ...).

Well, it your call: you can disable encryption on the fly by setting the
message to just signing...

I have also found out (to great pains) that it is kind of difficult to
*completely* disable signing or encrypting, as the send-hook will
happily add back the #secure line even if you remove it.

A workaround is to set mode=none in the #secure line manually. Maybe
C-c RET C-n could do that instead of just removing the line?

On Tue, 17 Jan 2012 15:39:52 +, David Edmondson d...@dme.org wrote:
 (if (and force (re-search-forward #secure [ ]*\n nil t))
 (replace-match  nil nil))
 ;; If we can encrypt, do so, else just sign.
 (if (or force (not (re-search-forward #secure [ ]*\n nil t)))
 
 Is this second test for `force' necessary? If `force' is set then you'll
 remove the #secure.. just above, so it will not be found here.

Yes, it is. If force is true, the search-forward will not be ran at
all. The idea here is that if we do not force (ie. if we're running in
the hook), we do not want to override the existing #secure tags, to
respect the users' choices.

Cheers,

A.

-- 
Antoine Beaupré +++ Réseau Koumbit Networks +++ +1.514.387.6262 #208

___
notmuch mailing list
notmuch@notmuchmail.org
http://notmuchmail.org/mailman/listinfo/notmuch

Emacs: Crypto: How to get automatic encryption?

[David Edmondson]

On Wed, 25 Jan 2012 09:45:01 -0800, Jameson Graef Rollins  wrote:
> On Wed, 25 Jan 2012 10:20:26 +, David Edmondson  wrote:
> > Isn't it still necessary to ensure that you have encryption keys
> > appropriate to the recipient?
> 
> I want to ensure that all replies to encrypted to be encrypted.  I
> would rather have the reply fail outright than fall back to
> unencrypted.

That's a policy decision that a user can (and perhaps should) take, but
not something that should be enforced by the tool. Encouraging this
approach is fine, of course. I can think of various situations where I
might send an un-encrypted reply to an encrypted message.

> Here's a behavior that I think would be reasonable:
> 
>  * notmuch reply outputs JSON encrypted flag
> 
>  * emacs does a quick check to see if the needed key is available
> 
>  * if key not available: give a nice mini-buffer prompt, something like:
>  
> 'encryption key for "Foo Bar " not found.  Retrieve?'
> 
>* if response is yes: call gpg to retrieve the key
> 
>  * if key available: add encrypt flag
> 
>else: I feel like this should abort, but maybe there's something to
>  be done here.  Allow reply but don't quote the original?

How about:
- notmuch reply outputs JSON encrypted flag,
- emacs inserts the relevant mml to request that the reply is sent
  encrypted if the flag is present.

With this approach the default behaviour is to send an encrypted reply
to an encrypted message, but the user has the chance to change the
behaviour using familiar (well, as familiar as mml can be) tools.

Adding improvements to retrieve keys for outgoing messages would be
generally useful - it's not just an issue for replies.
-- next part --
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: 

Re: Emacs: Crypto: How to get automatic encryption?

[David Edmondson]

On Wed, 25 Jan 2012 09:45:01 -0800, Jameson Graef Rollins 
jroll...@finestructure.net wrote:
 On Wed, 25 Jan 2012 10:20:26 +, David Edmondson d...@dme.org wrote:
  Isn't it still necessary to ensure that you have encryption keys
  appropriate to the recipient?
 
 I want to ensure that all replies to encrypted to be encrypted.  I
 would rather have the reply fail outright than fall back to
 unencrypted.

That's a policy decision that a user can (and perhaps should) take, but
not something that should be enforced by the tool. Encouraging this
approach is fine, of course. I can think of various situations where I
might send an un-encrypted reply to an encrypted message.

 Here's a behavior that I think would be reasonable:
 
  * notmuch reply outputs JSON encrypted flag
 
  * emacs does a quick check to see if the needed key is available
 
  * if key not available: give a nice mini-buffer prompt, something like:
  
 'encryption key for Foo Bar f...@bar.com not found.  Retrieve?'
 
* if response is yes: call gpg to retrieve the key
 
  * if key available: add encrypt flag
 
else: I feel like this should abort, but maybe there's something to
  be done here.  Allow reply but don't quote the original?

How about:
- notmuch reply outputs JSON encrypted flag,
- emacs inserts the relevant mml to request that the reply is sent
  encrypted if the flag is present.

With this approach the default behaviour is to send an encrypted reply
to an encrypted message, but the user has the chance to change the
behaviour using familiar (well, as familiar as mml can be) tools.

Adding improvements to retrieve keys for outgoing messages would be
generally useful - it's not just an issue for replies.


pgptOgiOzfeaj.pgp
Description: PGP signature
___
notmuch mailing list
notmuch@notmuchmail.org
http://notmuchmail.org/mailman/listinfo/notmuch

Emacs: Crypto: How to get automatic encryption?

[Daniel Kahn Gillmor]

On 01/25/2012 12:45 PM, Jameson Graef Rollins wrote:
> Here's a behavior that I think would be reasonable:
> 
>  * notmuch reply outputs JSON encrypted flag
> 
>  * emacs does a quick check to see if the needed key is available
> 
>  * if key not available: give a nice mini-buffer prompt, something like:
>  
> 'encryption key for "Foo Bar " not found.  Retrieve?'
> 
>* if response is yes: call gpg to retrieve the key
> 
>  * if key available: add encrypt flag
> 
>else: I feel like this should abort, but maybe there's something to
>  be done here.  Allow reply but don't quote the original?

I note from observing my own correspondence practices that there are
some other heuristics that might be reasonable, if we're willing to be
more sophisticated here too.

For example:

 * if the entire encrypted message body was signed by key X (which we
either have or fetch), and
 * X has a User ID which matches the address to which we're replying, and
 * we don't have a technically-valid matching User ID for the e-mail
address (so we wouldn't normally want to encrypt mail to key X),

then

 we could offer (or default) to encrypt the reply to that key anyway, on
the grounds that the keyholder in question knew the contents of the
original message anyway.

Some visual indication of being in this corner-case state would be nice,
of course.

While i'm dreaming, I'd also love to be able to get some statistics
about how many messages in a given thread have this kind
encryption/signing response.  It would be interesting for some sort of
measurement of e-mail+keyholding continuity, which would be useful in a
more generalized contacts+crypto manager.

--dkg

-- next part --
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1030 bytes
Desc: OpenPGP digital signature
URL: 

Emacs: Crypto: How to get automatic encryption?

[David Edmondson]

On Wed, 25 Jan 2012 01:26:19 -0800, Jameson Graef Rollins  wrote:
> On Wed, 25 Jan 2012 06:23:01 +, David Edmondson  wrote:
> > Can you explain the logic that will apply to determine whether or not a
> > reply is encrypted?
> 
> My plan was to modify notmuch-reply.c to include a flag in the JSON
> output if the message being replied to was encrypted.  The emacs reply
> function could then look for that flag and add the ml-secure directive
> to encrypt the reply.

Isn't it still necessary to ensure that you have encryption keys
appropriate to the recipient?
-- next part --
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: 

Emacs: Crypto: How to get automatic encryption?

[Jameson Graef Rollins]

On Wed, 25 Jan 2012 10:20:26 +, David Edmondson  wrote:
> Isn't it still necessary to ensure that you have encryption keys
> appropriate to the recipient?

I want to ensure that all replies to encrypted to be encrypted.  I would
rather have the reply fail outright than fall back to unencrypted.

Here's a behavior that I think would be reasonable:

 * notmuch reply outputs JSON encrypted flag

 * emacs does a quick check to see if the needed key is available

 * if key not available: give a nice mini-buffer prompt, something like:

'encryption key for "Foo Bar " not found.  Retrieve?'

   * if response is yes: call gpg to retrieve the key

 * if key available: add encrypt flag

   else: I feel like this should abort, but maybe there's something to
 be done here.  Allow reply but don't quote the original?

jamie.
-- next part --
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
URL: 

Emacs: Crypto: How to get automatic encryption?

[David Edmondson]

On Tue, 24 Jan 2012 16:10:47 -0800, Jameson Graef Rollins  wrote:
> On Tue, 24 Jan 2012 16:34:32 -0500, micah anderson  
> wrote:
> > David replied to it because it was sent to him, but the list email
> > hasn't come through yet (I want this functionality, so I'm dying to see
> > the patch!)
> 
> Hey, Micah.  There an outstanding patch series that add a new JSON reply
> format, and then uses that in emacs [0].  Once that's in, it will be
> relatively easy to implement auto-reply-to-encrypted.  I'm going to work
> on implementing that as soon as the above patch gets pushed to master.

Can you explain the logic that will apply to determine whether or not a
reply is encrypted?
-- next part --
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: 

Emacs: Crypto: How to get automatic encryption?

[Jameson Graef Rollins]

On Wed, 25 Jan 2012 06:23:01 +, David Edmondson  wrote:
> Can you explain the logic that will apply to determine whether or not a
> reply is encrypted?

My plan was to modify notmuch-reply.c to include a flag in the JSON
output if the message being replied to was encrypted.  The emacs reply
function could then look for that flag and add the ml-secure directive
to encrypt the reply.

jamie.
-- next part --
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
URL: 

Re: Emacs: Crypto: How to get automatic encryption?

[Jameson Graef Rollins]

On Wed, 25 Jan 2012 06:23:01 +, David Edmondson d...@dme.org wrote:
 Can you explain the logic that will apply to determine whether or not a
 reply is encrypted?

My plan was to modify notmuch-reply.c to include a flag in the JSON
output if the message being replied to was encrypted.  The emacs reply
function could then look for that flag and add the ml-secure directive
to encrypt the reply.

jamie.


pgpyXy8nysrWr.pgp
Description: PGP signature
___
notmuch mailing list
notmuch@notmuchmail.org
http://notmuchmail.org/mailman/listinfo/notmuch

Re: Emacs: Crypto: How to get automatic encryption?

[David Edmondson]

On Wed, 25 Jan 2012 01:26:19 -0800, Jameson Graef Rollins 
jroll...@finestructure.net wrote:
 On Wed, 25 Jan 2012 06:23:01 +, David Edmondson d...@dme.org wrote:
  Can you explain the logic that will apply to determine whether or not a
  reply is encrypted?
 
 My plan was to modify notmuch-reply.c to include a flag in the JSON
 output if the message being replied to was encrypted.  The emacs reply
 function could then look for that flag and add the ml-secure directive
 to encrypt the reply.

Isn't it still necessary to ensure that you have encryption keys
appropriate to the recipient?


pgpKMocLh0OKq.pgp
Description: PGP signature
___
notmuch mailing list
notmuch@notmuchmail.org
http://notmuchmail.org/mailman/listinfo/notmuch

Re: Emacs: Crypto: How to get automatic encryption?

[Jameson Graef Rollins]

On Wed, 25 Jan 2012 10:20:26 +, David Edmondson d...@dme.org wrote:
 Isn't it still necessary to ensure that you have encryption keys
 appropriate to the recipient?

I want to ensure that all replies to encrypted to be encrypted.  I would
rather have the reply fail outright than fall back to unencrypted.

Here's a behavior that I think would be reasonable:

 * notmuch reply outputs JSON encrypted flag

 * emacs does a quick check to see if the needed key is available

 * if key not available: give a nice mini-buffer prompt, something like:
 
'encryption key for Foo Bar f...@bar.com not found.  Retrieve?'

   * if response is yes: call gpg to retrieve the key

 * if key available: add encrypt flag

   else: I feel like this should abort, but maybe there's something to
 be done here.  Allow reply but don't quote the original?

jamie.


pgp2F9SRA2eFT.pgp
Description: PGP signature
___
notmuch mailing list
notmuch@notmuchmail.org
http://notmuchmail.org/mailman/listinfo/notmuch

Re: Emacs: Crypto: How to get automatic encryption?

[Daniel Kahn Gillmor]

On 01/25/2012 12:45 PM, Jameson Graef Rollins wrote:
 Here's a behavior that I think would be reasonable:
 
  * notmuch reply outputs JSON encrypted flag
 
  * emacs does a quick check to see if the needed key is available
 
  * if key not available: give a nice mini-buffer prompt, something like:
  
 'encryption key for Foo Bar f...@bar.com not found.  Retrieve?'
 
* if response is yes: call gpg to retrieve the key
 
  * if key available: add encrypt flag
 
else: I feel like this should abort, but maybe there's something to
  be done here.  Allow reply but don't quote the original?

I note from observing my own correspondence practices that there are
some other heuristics that might be reasonable, if we're willing to be
more sophisticated here too.

For example:

 * if the entire encrypted message body was signed by key X (which we
either have or fetch), and
 * X has a User ID which matches the address to which we're replying, and
 * we don't have a technically-valid matching User ID for the e-mail
address (so we wouldn't normally want to encrypt mail to key X),

then

 we could offer (or default) to encrypt the reply to that key anyway, on
the grounds that the keyholder in question knew the contents of the
original message anyway.

Some visual indication of being in this corner-case state would be nice,
of course.

While i'm dreaming, I'd also love to be able to get some statistics
about how many messages in a given thread have this kind
encryption/signing response.  It would be interesting for some sort of
measurement of e-mail+keyholding continuity, which would be useful in a
more generalized contacts+crypto manager.

--dkg



signature.asc
Description: OpenPGP digital signature
___
notmuch mailing list
notmuch@notmuchmail.org
http://notmuchmail.org/mailman/listinfo/notmuch

Emacs: Crypto: How to get automatic encryption?

[micah anderson]

On Tue, 17 Jan 2012 09:19:51 +, David Edmondson  wrote:
> On Mon, 16 Jan 2012 23:48:30 -0500, Antoine Beaupr?  anarcat.ath.cx> wrote:
> > Jumping in here, I have modified the previously posted code here to
> > provide me with a more complete solution.
> 
> This looks good. I'll switch over to using it.
> 
> > Code is attached. Obviously, those function names would change if they
> > would be to integrate into notmuch. ;)
> 
> I wondered about pushing to have notmuch do this by default. In general
> I like the idea, but it suffers if a recipient occasionally uses a mail
> client that does not support decryption (phone, PDA, webmail, ...).

It seems like the original message has not made it through the list
moderation still. 

David replied to it because it was sent to him, but the list email
hasn't come through yet (I want this functionality, so I'm dying to see
the patch!)

micah
-- next part --
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
URL: 

Emacs: Crypto: How to get automatic encryption?

[Jameson Graef Rollins]

On Tue, 24 Jan 2012 16:34:32 -0500, micah anderson  wrote:
> David replied to it because it was sent to him, but the list email
> hasn't come through yet (I want this functionality, so I'm dying to see
> the patch!)

Hey, Micah.  There an outstanding patch series that add a new JSON reply
format, and then uses that in emacs [0].  Once that's in, it will be
relatively easy to implement auto-reply-to-encrypted.  I'm going to work
on implementing that as soon as the above patch gets pushed to master.

jamie.

id:"1326995217-27423-1-git-send-email-awg+notmuch at xvx.ca"
-- next part --
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
URL: 

Re: Emacs: Crypto: How to get automatic encryption?

[micah anderson]

On Tue, 17 Jan 2012 09:19:51 +, David Edmondson d...@dme.org wrote:
 On Mon, 16 Jan 2012 23:48:30 -0500, Antoine Beaupré anar...@anarcat.ath.cx 
 wrote:
  Jumping in here, I have modified the previously posted code here to
  provide me with a more complete solution.
 
 This looks good. I'll switch over to using it.
 
  Code is attached. Obviously, those function names would change if they
  would be to integrate into notmuch. ;)
 
 I wondered about pushing to have notmuch do this by default. In general
 I like the idea, but it suffers if a recipient occasionally uses a mail
 client that does not support decryption (phone, PDA, webmail, ...).

It seems like the original message has not made it through the list
moderation still. 

David replied to it because it was sent to him, but the list email
hasn't come through yet (I want this functionality, so I'm dying to see
the patch!)

micah


pgpNZZXuva0cx.pgp
Description: PGP signature
___
notmuch mailing list
notmuch@notmuchmail.org
http://notmuchmail.org/mailman/listinfo/notmuch

Re: Emacs: Crypto: How to get automatic encryption?

[David Edmondson]

On Tue, 24 Jan 2012 16:10:47 -0800, Jameson Graef Rollins 
jroll...@finestructure.net wrote:
 On Tue, 24 Jan 2012 16:34:32 -0500, micah anderson mi...@riseup.net wrote:
  David replied to it because it was sent to him, but the list email
  hasn't come through yet (I want this functionality, so I'm dying to see
  the patch!)
 
 Hey, Micah.  There an outstanding patch series that add a new JSON reply
 format, and then uses that in emacs [0].  Once that's in, it will be
 relatively easy to implement auto-reply-to-encrypted.  I'm going to work
 on implementing that as soon as the above patch gets pushed to master.

Can you explain the logic that will apply to determine whether or not a
reply is encrypted?


pgpCZ6nMMiYca.pgp
Description: PGP signature
___
notmuch mailing list
notmuch@notmuchmail.org
http://notmuchmail.org/mailman/listinfo/notmuch

Emacs: Crypto: How to get automatic encryption?

[Antoine Beaupré]

On Tue, 17 Jan 2012 09:19:51 +, David Edmondson  wrote:
> On Mon, 16 Jan 2012 23:48:30 -0500, Antoine Beaupr?  anarcat.ath.cx> wrote:
> > Jumping in here, I have modified the previously posted code here to
> > provide me with a more complete solution.
> 
> This looks good. I'll switch over to using it.

Awesome!

> > Code is attached. Obviously, those function names would change if they
> > would be to integrate into notmuch. ;)
> 
> I wondered about pushing to have notmuch do this by default. In general
> I like the idea, but it suffers if a recipient occasionally uses a mail
> client that does not support decryption (phone, PDA, webmail, ...).

Well, it your call: you can disable encryption on the fly by setting the
message to just signing...

I have also found out (to great pains) that it is kind of difficult to
*completely* disable signing or encrypting, as the send-hook will
happily add back the #secure line even if you remove it.

A workaround is to set "mode=none" in the #secure line manually. Maybe
C-c RET C-n could do that instead of just removing the line?

On Tue, 17 Jan 2012 15:39:52 +, David Edmondson  wrote:
> >(if (and force (re-search-forward "<#secure [> >]*>\n" nil t))
> >(replace-match "" nil nil))
> >;; If we can encrypt, do so, else just sign.
> >(if (or force (not (re-search-forward "<#secure [> >]*>\n" nil t)))
> 
> Is this second test for `force' necessary? If `force' is set then you'll
> remove the <#secure..> just above, so it will not be found here.

Yes, it is. If force is true, the search-forward will not be ran at
all. The idea here is that if we do not force (ie. if we're running in
the hook), we do not want to override the existing #secure tags, to
respect the users' choices.

Cheers,

A.

-- 
Antoine Beaupr? +++ R?seau Koumbit Networks +++ +1.514.387.6262 #208

Emacs: Crypto: How to get automatic encryption?

[David Edmondson]

>(if (and force (re-search-forward "<#secure [> >]*>\n" nil t))
>  (replace-match "" nil nil))
>;; If we can encrypt, do so, else just sign.
>(if (or force (not (re-search-forward "<#secure [> >]*>\n" nil t)))

Is this second test for `force' necessary? If `force' is set then you'll
remove the <#secure..> just above, so it will not be found here.

>  (if (anarcat/message-guess-encryption)
>  (insert "<#secure method=pgpmime mode=signencrypt>\n")
>(insert "<#secure method=pgpmime mode=sign>\n"))
>)
-- next part --
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: 

Emacs: Crypto: How to get automatic encryption?

[David Edmondson]

On Mon, 16 Jan 2012 23:48:30 -0500, Antoine Beaupr?  
wrote:
> Jumping in here, I have modified the previously posted code here to
> provide me with a more complete solution.

This looks good. I'll switch over to using it.

> Code is attached. Obviously, those function names would change if they
> would be to integrate into notmuch. ;)

I wondered about pushing to have notmuch do this by default. In general
I like the idea, but it suffers if a recipient occasionally uses a mail
client that does not support decryption (phone, PDA, webmail, ...).
-- next part --
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: 

Emacs: Crypto: How to get automatic encryption?

[Antoine Beaupré]

Jumping in here, I have modified the previously posted code here to
provide me with a more complete solution.

With the attach code, I can:

 * automatically encrypt mails if all recipients have a *valid* public
   key. The previous patch allowed encryption if a key existed but was
   revoked, which cause a weird UX issue where the user would be
   bothered with "No public key for..."

 * not have specify if i want to encrypt the mail or not: it is
   encrypted if possible

 * try to autodetect (by running the function directly) if the mail will
   be crypted and signed or just signed before sending

 * explicitely request the mail to be encrypted or just signed, if I
   want to, using the usual keybindings (ie. the existing #secure tags
   are respected)

So basically, this replaces the common hook:

(add-hook 'message-setup-hook 'mml-secure-sign-pgpmime)

with this:

(add-hook 'message-send-hook 'anarcat/message-set-encryption)

The rationale behind this technique is that the setup-hook runs when
recipients are not yet defined so it will always set the mail to be only
signed, even though your final recipients should be crypted. 

An alternative would be for notmuch to prompt the To: header before
setting up the buffer ("? la" Mutt), but I didn't feel like going that
way.

Code is attached. Obviously, those function names would change if they
would be to integrate into notmuch. ;)

-- next part --
A non-text attachment was scrubbed...
Name: notmuch-opportunistic.el
Type: application/emacs-lisp
Size: 1839 bytes
Desc: not available
URL: 

-- next part --

Opportunistic encryption, here we go.

a.

-- 
Evil exists to glorify the good. Evil is negative good.
It is a relative term. Evil can be transmuted into good.
What is evil to one at one time,
becomes good at another time to somebody else.
- Sivananda
-- next part --
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
URL: 

Re: Emacs: Crypto: How to get automatic encryption?

[David Edmondson]

On Mon, 16 Jan 2012 23:48:30 -0500, Antoine Beaupré anar...@anarcat.ath.cx 
wrote:
 Jumping in here, I have modified the previously posted code here to
 provide me with a more complete solution.

This looks good. I'll switch over to using it.

 Code is attached. Obviously, those function names would change if they
 would be to integrate into notmuch. ;)

I wondered about pushing to have notmuch do this by default. In general
I like the idea, but it suffers if a recipient occasionally uses a mail
client that does not support decryption (phone, PDA, webmail, ...).


pgpfsdACwSem2.pgp
Description: PGP signature
___
notmuch mailing list
notmuch@notmuchmail.org
http://notmuchmail.org/mailman/listinfo/notmuch

Emacs: Crypto: How to get automatic encryption?

[Gregor Zattler]

Hi David, notmuch developers,
On Wed, 04 Jan 2012 08:48:43 +, David Edmondson  wrote:
> On Wed, 04 Jan 2012 08:36:39 +, David Edmondson  wrote:
> > (if (and encrypt (dme:message-determine-encryption))
> 
> Oops. `encrypt' is set to `t' earlier if the code decides that I want to
> encrypt outgoing mail (it's not set for work purposes, in essence).

Thanks for your code.  It works here too and is much appreciated.  

[Off topic: I'm working through the mime-security customisation
at the moment.  As far as I see now mime-security proposes all
ultimately trusted keys for signing and does not filter this list
of keys with the email address in the From: header.  As a mutt
user I'm used otherwise: mutt is configurable to only show a key
selection menu if there are more than one key which fit the
relevant address -- otherwise it uses this only one without
further ado.]

Ciao; Gregor
-- next part --
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: 

Re: Emacs: Crypto: How to get automatic encryption?

[Gregor Zattler]

Hi David, notmuch developers,
On Wed, 04 Jan 2012 08:48:43 +, David Edmondson d...@dme.org wrote:
 On Wed, 04 Jan 2012 08:36:39 +, David Edmondson d...@dme.org wrote:
  (if (and encrypt (dme:message-determine-encryption))
 
 Oops. `encrypt' is set to `t' earlier if the code decides that I want to
 encrypt outgoing mail (it's not set for work purposes, in essence).

Thanks for your code.  It works here too and is much appreciated.  

[Off topic: I'm working through the mime-security customisation
at the moment.  As far as I see now mime-security proposes all
ultimately trusted keys for signing and does not filter this list
of keys with the email address in the From: header.  As a mutt
user I'm used otherwise: mutt is configurable to only show a key
selection menu if there are more than one key which fit the
relevant address -- otherwise it uses this only one without
further ado.]

Ciao; Gregor


pgpR2Iu8y58nr.pgp
Description: PGP signature
___
notmuch mailing list
notmuch@notmuchmail.org
http://notmuchmail.org/mailman/listinfo/notmuch

Emacs: Crypto: How to get automatic encryption?

[Gregor Zattler]

Hi Jameson,
* Jameson Graef Rollins  [12. Jan. 2012]:
> On Tue, 03 Jan 2012 13:45:14 -0800, Jameson Graef Rollins  finestructure.net> wrote:
>> Unfortunately, auto encrypting of replies to encrypted emails is not yet
>> implemented.  It is desperately needed, though, obviously.  So this is a
>> good excuse to start a discussion about how we could achieve this.
[...]
> There is a set of patches in the queue to add a JSON output format for
> reply, with the emacs UI then consuming that to construct the reply
> template [0].  This will make it very easy to communicate to the emacs
> UI that the original message was encrypted, and that the reply should be
> similarly encrypted.  I'm going to wait until that patch set makes it
> through, and then build this functionality on top of that.
> [0] id:"1326009162-19524-3-git-send-email-awg+notmuch at xvx.ca"


That would be really great.

But how about not only replying encrypted but encrypting every
email if possible?  "Possible" could mean different things,
though:

1) encrypt if fully trusted suitable public keys for all
   recipients are GnuPG key ring.

2) encrypt if suitable public keys for all recipients are in
   GnuPGs key ring.

3) try to fetch suitable public keys from server in order to to
   check 2).


I for instance fiddled with my mutt configuration to achieve 1).

But I have no clue about how to do this with notmuch/Emacs.

Ciao, Gregor
-- 
 -... --- .-. . -.. ..--.. ...-.-

Emacs: Crypto: How to get automatic encryption?

[Darren McGuicken]

On Thu, 12 Jan 2012 20:05:14 +0100, Gregor Zattler  wrote:
> 2) encrypt if suitable public keys for all recipients are in
>GnuPGs key ring.
[...]
> But I have no clue about how to do this with notmuch/Emacs.

Isn't that what David provides an elisp-snippet for in
id:"cunk4576ezs.fsf at hotblack-desiato.hh.sledj.net"?

I've been using it myself since it was posted and it seems to work
according to the behaviour you desire in point 2.
-- next part --
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: 

Emacs: Crypto: How to get automatic encryption?

[Jameson Graef Rollins]

On Thu, 12 Jan 2012 20:05:14 +0100, Gregor Zattler  wrote:
> But how about not only replying encrypted but encrypting every
> email if possible?  "Possible" could mean different things,
> though:

This is already easy to do in emacs, and doesn't require any special
notmuch support:

(add-hook 'message-setup-hook mml-secure-message-encrypt-pgpmime)

This is the same as what I suggested for auto-sign.  You might have to
do a little elisp hacking to do fancier stuff, but again, doing
something for all outgoing mail is more about message-mode, and is not
notmuch specific.

jamie.
-- next part --
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
URL: 

Emacs: Crypto: How to get automatic encryption?

[Jameson Graef Rollins]

On Tue, 03 Jan 2012 13:45:14 -0800, Jameson Graef Rollins  wrote:
> Unfortunately, auto encrypting of replies to encrypted emails is not yet
> implemented.  It is desperately needed, though, obviously.  So this is a
> good excuse to start a discussion about how we could achieve this.
> 
> It just occurs to me that a way to do this would be to have notmuch
> reply add the appropriate mml #secure tag for encryption to the output
> reply template, maybe with something like a --emacs option.  That would
> be pretty easy to implement, although it would obviously be very UI
> specific.
> 
> Another possibility would be for notmuch reply to add some sort of
> header to the reply message to indicate that the original was encrypted,
> and then do something in emacs to try to read that header and add the
> appropriate mml #secure tag.  That would also be easy to implement in
> the notmuch CLI, and it would be more UI agnostic, but it would require
> a lot more elisp.

There is a set of patches in the queue to add a JSON output format for
reply, with the emacs UI then consuming that to construct the reply
template [0].  This will make it very easy to communicate to the emacs
UI that the original message was encrypted, and that the reply should be
similarly encrypted.  I'm going to wait until that patch set makes it
through, and then build this functionality on top of that.

jamie.

[0] id:"1326009162-19524-3-git-send-email-awg+notmuch at xvx.ca"
-- next part --
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
URL: 

Re: Emacs: Crypto: How to get automatic encryption?

[Jameson Graef Rollins]

On Tue, 03 Jan 2012 13:45:14 -0800, Jameson Graef Rollins 
jroll...@finestructure.net wrote:
 Unfortunately, auto encrypting of replies to encrypted emails is not yet
 implemented.  It is desperately needed, though, obviously.  So this is a
 good excuse to start a discussion about how we could achieve this.
 
 It just occurs to me that a way to do this would be to have notmuch
 reply add the appropriate mml #secure tag for encryption to the output
 reply template, maybe with something like a --emacs option.  That would
 be pretty easy to implement, although it would obviously be very UI
 specific.
 
 Another possibility would be for notmuch reply to add some sort of
 header to the reply message to indicate that the original was encrypted,
 and then do something in emacs to try to read that header and add the
 appropriate mml #secure tag.  That would also be easy to implement in
 the notmuch CLI, and it would be more UI agnostic, but it would require
 a lot more elisp.

There is a set of patches in the queue to add a JSON output format for
reply, with the emacs UI then consuming that to construct the reply
template [0].  This will make it very easy to communicate to the emacs
UI that the original message was encrypted, and that the reply should be
similarly encrypted.  I'm going to wait until that patch set makes it
through, and then build this functionality on top of that.

jamie.

[0] id:1326009162-19524-3-git-send-email-awg+notm...@xvx.ca


pgpKkkM4qPfnu.pgp
Description: PGP signature
___
notmuch mailing list
notmuch@notmuchmail.org
http://notmuchmail.org/mailman/listinfo/notmuch

Re: Emacs: Crypto: How to get automatic encryption?

[Gregor Zattler]

Hi Jameson,
* Jameson Graef Rollins jroll...@finestructure.net [12. Jan. 2012]:
 On Tue, 03 Jan 2012 13:45:14 -0800, Jameson Graef Rollins 
 jroll...@finestructure.net wrote:
 Unfortunately, auto encrypting of replies to encrypted emails is not yet
 implemented.  It is desperately needed, though, obviously.  So this is a
 good excuse to start a discussion about how we could achieve this.
[...]
 There is a set of patches in the queue to add a JSON output format for
 reply, with the emacs UI then consuming that to construct the reply
 template [0].  This will make it very easy to communicate to the emacs
 UI that the original message was encrypted, and that the reply should be
 similarly encrypted.  I'm going to wait until that patch set makes it
 through, and then build this functionality on top of that.
 [0] id:1326009162-19524-3-git-send-email-awg+notm...@xvx.ca


That would be really great.

But how about not only replying encrypted but encrypting every
email if possible?  Possible could mean different things,
though:

1) encrypt if fully trusted suitable public keys for all
   recipients are GnuPG key ring.

2) encrypt if suitable public keys for all recipients are in
   GnuPGs key ring.

3) try to fetch suitable public keys from server in order to to
   check 2).


I for instance fiddled with my mutt configuration to achieve 1).

But I have no clue about how to do this with notmuch/Emacs.

Ciao, Gregor
-- 
 -... --- .-. . -.. ..--.. ...-.-
___
notmuch mailing list
notmuch@notmuchmail.org
http://notmuchmail.org/mailman/listinfo/notmuch

Re: Emacs: Crypto: How to get automatic encryption?

[Jameson Graef Rollins]

On Thu, 12 Jan 2012 20:05:14 +0100, Gregor Zattler telegr...@gmx.net wrote:
 But how about not only replying encrypted but encrypting every
 email if possible?  Possible could mean different things,
 though:

This is already easy to do in emacs, and doesn't require any special
notmuch support:

(add-hook 'message-setup-hook mml-secure-message-encrypt-pgpmime)

This is the same as what I suggested for auto-sign.  You might have to
do a little elisp hacking to do fancier stuff, but again, doing
something for all outgoing mail is more about message-mode, and is not
notmuch specific.

jamie.


pgpNHe6yXA8tw.pgp
Description: PGP signature
___
notmuch mailing list
notmuch@notmuchmail.org
http://notmuchmail.org/mailman/listinfo/notmuch

Re: Emacs: Crypto: How to get automatic encryption?

[Darren McGuicken]

On Thu, 12 Jan 2012 20:05:14 +0100, Gregor Zattler telegr...@gmx.net wrote:
 2) encrypt if suitable public keys for all recipients are in
GnuPGs key ring.
[...]
 But I have no clue about how to do this with notmuch/Emacs.

Isn't that what David provides an elisp-snippet for in
id:cunk4576ezs@hotblack-desiato.hh.sledj.net?

I've been using it myself since it was posted and it seems to work
according to the behaviour you desire in point 2.


pgpQhDipPeHkJ.pgp
Description: PGP signature
___
notmuch mailing list
notmuch@notmuchmail.org
http://notmuchmail.org/mailman/listinfo/notmuch

Re: Emacs: Crypto: How to get automatic encryption?

[Gregor Zattler]

Hi Jamie, notmuch developers,
On Tue, 03 Jan 2012 13:45:14 -0800, Jameson Graef Rollins 
jroll...@finestructure.net wrote:
 On Tue, 3 Jan 2012 20:56:51 +0100, Gregor Zattler telegr...@gmx.net wrote:
  I replied to a PGP/MIME signed and encrypted e-mail and was
  astonished to realise that my reply was sent unencrypted (and
  unsigened for that matter).
 
 Yikes!  Sorry this happened, and I hope nothing too sensitive was
 exposed.

No :-)

 Auto signing of outgoing mail can be enabled by the following [0]:
 
 (add-hook 'message-setup-hook mml-secure-message-sign-pgpmime)
 
 You can configure the message-setup-hook with the customization UI as
 well.

I tried this and enabled mml-secure-message-encrypt-pgpmime too.
I did a test with an address I have no public key for.  I was
informed of the fact and asked if I want to skip this key.  The
result was an email encrypted only to me (I suppose it's a
sensible default to include the key of the sender in the list of
key to encrypt to), so it would be unreadable for the recipient :-(

 Unfortunately, auto encrypting of replies to encrypted emails is not yet
 implemented.  It is desperately needed, though, obviously.  So this is a
 good excuse to start a discussion about how we could achieve this.
 
 It just occurs to me that a way to do this would be to have notmuch
 reply add the appropriate mml #secure tag for encryption to the output
 reply template, maybe with something like a --emacs option.  That would
 be pretty easy to implement, although it would obviously be very UI
 specific.
 
 Another possibility would be for notmuch reply to add some sort of
 header to the reply message to indicate that the original was encrypted,
 and then do something in emacs to try to read that header and add the
 appropriate mml #secure tag.  That would also be easy to implement in
 the notmuch CLI, and it would be more UI agnostic, but it would require
 a lot more elisp.
 
 Or maybe we could support both?
 
 Any other suggestions?

I'm no developer; your second suggestion sounds more plausible
me since notmuch is a frontend-agnostic mail system.

  Actually the message buffer in which I write replies has Auto
  Encryption Mode enabled, but nothing happens.  
 
 That's unfortunate.  Can you explain exactly how you set this up, and
 how it didn't work?

Actually I did not set it up.  I tested this again with emacs23
-q ...  It has something to do with EasyPG and therefore I assume
it only works on the level of file encryption if the file
associated with the buffer ends in .pgp  But that's a guess.


[...]
 It's actually usually mml that is used with message-mode to
 sign/encrypt message, not epg.

Thanks for your info.  Actually I'm a mutt user and I customised
mutt to opportunistically encrypt emails if I/gpg have/has public
keys for all recipients of an email.  I have no clue how to
achieve this with Emacs.

Ciao; Gregor
___
notmuch mailing list
notmuch@notmuchmail.org
http://notmuchmail.org/mailman/listinfo/notmuch

Emacs: Crypto: How to get automatic encryption?

[David Edmondson]

On Wed, 04 Jan 2012 08:36:39 +, David Edmondson  wrote:
>   (if (and encrypt (dme:message-determine-encryption))

Oops. `encrypt' is set to `t' earlier if the code decides that I want to
encrypt outgoing mail (it's not set for work purposes, in essence).
-- next part --
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: 

Emacs: Crypto: How to get automatic encryption?

[David Edmondson]

On Tue, 03 Jan 2012 13:45:14 -0800, Jameson Graef Rollins  wrote:
> Any other suggestions?

In the function that I add to `message-send-hook' I do the following:

(message-goto-body)
;; If already set, don't override.
(if (not (looking-at (regexp-quote "<#secure ")))
;; If we can encrypt, do so, else just sign.
(if (and encrypt (dme:message-determine-encryption))
(insert "<#secure method=pgpmime mode=signencrypt>\n")
  (insert "<#secure method=pgpmime mode=sign>\n"

Where `dme:message-determine-encryption' is:

(defun dme:message-determine-encryption ()
  "Return `t' if we have gpg public keys for all recipients of
this message."
  (require 'pgg)
  (if (not (message-news-p)) ; No encryption for news.
  (catch :exit
(mapc
 (lambda (addr)
   (if (not (pgg-lookup-key (downcase (mail-strip-quoted-names addr
   (throw :exit nil)))
 (message-tokenize-header (concat
   (message-fetch-field "to")
   ","
   (message-fetch-field "cc"
t)
nil))

(I'd probably re-write that to use a cl loop now - it's very old.)
-- next part --
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: 

Emacs: Crypto: How to get automatic encryption?

[Gregor Zattler]

Hi Jamie, notmuch developers,
On Tue, 03 Jan 2012 13:45:14 -0800, Jameson Graef Rollins  wrote:
> On Tue, 3 Jan 2012 20:56:51 +0100, Gregor Zattler  
> wrote:
> > I replied to a PGP/MIME signed and encrypted e-mail and was
> > astonished to realise that my reply was sent unencrypted (and
> > unsigened for that matter).
> 
> Yikes!  Sorry this happened, and I hope nothing too sensitive was
> exposed.

No :-)

> Auto signing of outgoing mail can be enabled by the following [0]:
> 
> (add-hook 'message-setup-hook mml-secure-message-sign-pgpmime)
> 
> You can configure the message-setup-hook with the customization UI as
> well.

I tried this and enabled mml-secure-message-encrypt-pgpmime too.
I did a test with an address I have no public key for.  I was
informed of the fact and asked if I want to skip this key.  The
result was an email encrypted only to me (I suppose it's a
sensible default to include the key of the sender in the list of
key to encrypt to), so it would be unreadable for the recipient :-(

> Unfortunately, auto encrypting of replies to encrypted emails is not yet
> implemented.  It is desperately needed, though, obviously.  So this is a
> good excuse to start a discussion about how we could achieve this.
> 
> It just occurs to me that a way to do this would be to have notmuch
> reply add the appropriate mml #secure tag for encryption to the output
> reply template, maybe with something like a --emacs option.  That would
> be pretty easy to implement, although it would obviously be very UI
> specific.
> 
> Another possibility would be for notmuch reply to add some sort of
> header to the reply message to indicate that the original was encrypted,
> and then do something in emacs to try to read that header and add the
> appropriate mml #secure tag.  That would also be easy to implement in
> the notmuch CLI, and it would be more UI agnostic, but it would require
> a lot more elisp.
> 
> Or maybe we could support both?
> 
> Any other suggestions?

I'm no developer; your second suggestion sounds more plausible
me since notmuch is a frontend-agnostic mail system.

> > Actually the message buffer in which I write replies has Auto
> > Encryption Mode enabled, but nothing happens.  
> 
> That's unfortunate.  Can you explain exactly how you set this up, and
> how it didn't work?

Actually I did not set it up.  I tested this again with emacs23
-q ...  It has something to do with EasyPG and therefore I assume
it only works on the level of file encryption if the file
associated with the buffer ends in .pgp  But that's a guess.


[...]
> It's actually usually mml that is used with message-mode to
> sign/encrypt message, not epg.

Thanks for your info.  Actually I'm a mutt user and I customised
mutt to opportunistically encrypt emails if I/gpg have/has public
keys for all recipients of an email.  I have no clue how to
achieve this with Emacs.

Ciao; Gregor

Re: Emacs: Crypto: How to get automatic encryption?

[David Edmondson]

On Tue, 03 Jan 2012 13:45:14 -0800, Jameson Graef Rollins 
jroll...@finestructure.net wrote:
 Any other suggestions?

In the function that I add to `message-send-hook' I do the following:

(message-goto-body)
;; If already set, don't override.
(if (not (looking-at (regexp-quote #secure )))
;; If we can encrypt, do so, else just sign.
(if (and encrypt (dme:message-determine-encryption))
(insert #secure method=pgpmime mode=signencrypt\n)
  (insert #secure method=pgpmime mode=sign\n

Where `dme:message-determine-encryption' is:

(defun dme:message-determine-encryption ()
  Return `t' if we have gpg public keys for all recipients of
this message.
  (require 'pgg)
  (if (not (message-news-p)) ; No encryption for news.
  (catch :exit
(mapc
 (lambda (addr)
   (if (not (pgg-lookup-key (downcase (mail-strip-quoted-names addr
   (throw :exit nil)))
 (message-tokenize-header (concat
   (message-fetch-field to)
   ,
   (message-fetch-field cc
t)
nil))

(I'd probably re-write that to use a cl loop now - it's very old.)


pgprqlUJdFWCW.pgp
Description: PGP signature
___
notmuch mailing list
notmuch@notmuchmail.org
http://notmuchmail.org/mailman/listinfo/notmuch

Re: Emacs: Crypto: How to get automatic encryption?

[David Edmondson]

On Wed, 04 Jan 2012 08:36:39 +, David Edmondson d...@dme.org wrote:
   (if (and encrypt (dme:message-determine-encryption))

Oops. `encrypt' is set to `t' earlier if the code decides that I want to
encrypt outgoing mail (it's not set for work purposes, in essence).


pgpVwxXz7acMP.pgp
Description: PGP signature
___
notmuch mailing list
notmuch@notmuchmail.org
http://notmuchmail.org/mailman/listinfo/notmuch

Emacs: Crypto: How to get automatic encryption?

[Gregor Zattler]

Dear notmuch developers,

I replied to a PGP/MIME signed and encrypted e-mail and was
astonished to realise that my reply was sent unencrypted (and
unsigened for that matter).

Actually the message buffer in which I write replies has Auto
Encryption Mode enabled, but nothing happens.  

Till now I investigated customisable variables for notmuch,
message mode, epg but did not find a way to tell Emacs to sign
and encrypt an e-mail if the correspondent (signed and) and
encrypted her/his e-mail.  

Is this doable?   How so?

Thanks for an answer, happy new year and thanks again for notmuch, Gregor

Emacs: Crypto: How to get automatic encryption?

[Jameson Graef Rollins]

On Tue, 3 Jan 2012 20:56:51 +0100, Gregor Zattler  wrote:
> I replied to a PGP/MIME signed and encrypted e-mail and was
> astonished to realise that my reply was sent unencrypted (and
> unsigened for that matter).

Yikes!  Sorry this happened, and I hope nothing too sensitive was
exposed.

Auto signing of outgoing mail can be enabled by the following [0]:

(add-hook 'message-setup-hook mml-secure-message-sign-pgpmime)

You can configure the message-setup-hook with the customization UI as
well.

Unfortunately, auto encrypting of replies to encrypted emails is not yet
implemented.  It is desperately needed, though, obviously.  So this is a
good excuse to start a discussion about how we could achieve this.

It just occurs to me that a way to do this would be to have notmuch
reply add the appropriate mml #secure tag for encryption to the output
reply template, maybe with something like a --emacs option.  That would
be pretty easy to implement, although it would obviously be very UI
specific.

Another possibility would be for notmuch reply to add some sort of
header to the reply message to indicate that the original was encrypted,
and then do something in emacs to try to read that header and add the
appropriate mml #secure tag.  That would also be easy to implement in
the notmuch CLI, and it would be more UI agnostic, but it would require
a lot more elisp.

Or maybe we could support both?

Any other suggestions?

> Actually the message buffer in which I write replies has Auto
> Encryption Mode enabled, but nothing happens.  

That's unfortunate.  Can you explain exactly how you set this up, and
how it didn't work?

> Till now I investigated customisable variables for notmuch,
> message mode, epg but did not find a way to tell Emacs to sign
> and encrypt an e-mail if the correspondent (signed and) and
> encrypted her/his e-mail.  

It's actually usually mml that is used with message-mode to
sign/encrypt message, not epg.

jamie.
-- next part --
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
URL: 

Emacs: Crypto: How to get automatic encryption?

[Gregor Zattler]

Dear notmuch developers,

I replied to a PGP/MIME signed and encrypted e-mail and was
astonished to realise that my reply was sent unencrypted (and
unsigened for that matter).

Actually the message buffer in which I write replies has Auto
Encryption Mode enabled, but nothing happens.  

Till now I investigated customisable variables for notmuch,
message mode, epg but did not find a way to tell Emacs to sign
and encrypt an e-mail if the correspondent (signed and) and
encrypted her/his e-mail.  

Is this doable?   How so?

Thanks for an answer, happy new year and thanks again for notmuch, Gregor

___
notmuch mailing list
notmuch@notmuchmail.org
http://notmuchmail.org/mailman/listinfo/notmuch

Re: Emacs: Crypto: How to get automatic encryption?

[Jameson Graef Rollins]

On Tue, 3 Jan 2012 20:56:51 +0100, Gregor Zattler telegr...@gmx.net wrote:
 I replied to a PGP/MIME signed and encrypted e-mail and was
 astonished to realise that my reply was sent unencrypted (and
 unsigened for that matter).

Yikes!  Sorry this happened, and I hope nothing too sensitive was
exposed.

Auto signing of outgoing mail can be enabled by the following [0]:

(add-hook 'message-setup-hook mml-secure-message-sign-pgpmime)

You can configure the message-setup-hook with the customization UI as
well.

Unfortunately, auto encrypting of replies to encrypted emails is not yet
implemented.  It is desperately needed, though, obviously.  So this is a
good excuse to start a discussion about how we could achieve this.

It just occurs to me that a way to do this would be to have notmuch
reply add the appropriate mml #secure tag for encryption to the output
reply template, maybe with something like a --emacs option.  That would
be pretty easy to implement, although it would obviously be very UI
specific.

Another possibility would be for notmuch reply to add some sort of
header to the reply message to indicate that the original was encrypted,
and then do something in emacs to try to read that header and add the
appropriate mml #secure tag.  That would also be easy to implement in
the notmuch CLI, and it would be more UI agnostic, but it would require
a lot more elisp.

Or maybe we could support both?

Any other suggestions?

 Actually the message buffer in which I write replies has Auto
 Encryption Mode enabled, but nothing happens.  

That's unfortunate.  Can you explain exactly how you set this up, and
how it didn't work?

 Till now I investigated customisable variables for notmuch,
 message mode, epg but did not find a way to tell Emacs to sign
 and encrypt an e-mail if the correspondent (signed and) and
 encrypted her/his e-mail.  

It's actually usually mml that is used with message-mode to
sign/encrypt message, not epg.

jamie.


pgpox9JyS9sKp.pgp
Description: PGP signature
___
notmuch mailing list
notmuch@notmuchmail.org
http://notmuchmail.org/mailman/listinfo/notmuch